This repository has been archived by the owner on Nov 3, 2021. It is now read-only.

Merge pull request #1586 from mozilla/gene1wood-patch-1
Change raw_value to JSON
pwnbus committed Apr 9, 2020
2 parents b6338a5 + 9d8690b commit 70fd219
Showing 2 changed files with 28 additions and 27 deletions.
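--- a/mq/plugins/cloudtrail.py
+++ b/mq/plugins/cloudtrail.py
@@ -3,6 +3,7 @@
 # file, You can obtain one at https://mozilla.org/MPL/2.0/.
 # Copyright (c) 2017 Mozilla Corporation
 
+import json
 from mozdef_util.utilities.key_exists import key_exists
 
 
@@ -74,7 +75,7 @@ def convert_key_raw_str(self, needle, haystack):
 for updated_key in num_levels:
 if updated_key == num_levels[-1]:
 current_pointer[updated_key] = {
-'raw_value': str(current_pointer[updated_key])
+'raw_value': json.dumps(current_pointer[updated_key])
 }
 return haystack
 if updated_key in current_pointer: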
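Review bot: `json.dumps(current_pointer[updated_key])` raises `TypeError` on any value that is not JSON-native, where the `str()` it replaces never raised. If an earlier stage ever places a datetime, bytes or set under one of these keys, the failure would surface inside `convert_key_raw_str`, whose body starts and ends outside this hunk, and how the caller treats that exception is not visible here. Falling back to the old text form keeps such an event flowing instead of failing on one field: `'raw_value': json.dumps(current_pointer[updated_key], default=str)`. Plain strings are now stored with surrounding double quotes, so any saved search or alert that matches `raw_value` exactly may need re-checking. A one-line comment above the assignment, such as `# raw_value holds the JSON-encoded text of the original value`, would record the new contract.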
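--- a/tests/mq/plugins/test_cloudtrail.py
+++ b/tests/mq/plugins/test_cloudtrail.py
@@ -40,7 +40,7 @@ def test_iamInstanceProfile(self):
 'source': 'cloudtrail',
 'details': {
 'requestparameters': {
-'iaminstanceprofile': 'astringvalue',
+'iaminstanceprofile': {'afieldname': 'astringvalue'},
 }
 }
 }
@@ -51,7 +51,7 @@ def test_iamInstanceProfile(self):
 'details': {
 'requestparameters': {
 'iaminstanceprofile': {
-'raw_value': 'astringvalue',
+'raw_value': '{"afieldname": "astringvalue"}',
 }
 }
 }
@@ -64,7 +64,7 @@ def test_attribute(self):
 'source': 'cloudtrail',
 'details': {
 'requestparameters': {
-'attribute': 'astringvalue',
+'attribute': {'afieldname': 'astringvalue'},
 }
 }
 }
@@ -75,7 +75,7 @@ def test_attribute(self):
 'details': {
 'requestparameters': {
 'attribute': {
-'raw_value': 'astringvalue',
+'raw_value': '{"afieldname": "astringvalue"}',
 }
 }
 }
@@ -88,7 +88,7 @@ def test_description(self):
 'source': 'cloudtrail',
 'details': {
 'requestparameters': {
-'description': 'astringvalue',
+'description': {'afieldname': 'astringvalue'},
 }
 }
 }
@@ -99,7 +99,7 @@ def test_description(self):
 'details': {
 'requestparameters': {
 'description': {
-'raw_value': 'astringvalue',
+'raw_value': '{"afieldname": "astringvalue"}',
 }
 }
 }
@@ -112,7 +112,7 @@ def test_filter(self):
 'source': 'cloudtrail',
 'details': {
 'requestparameters': {
-'filter': 'astringvalue',
+'filter': {'afieldname': 'astringvalue'},
 }
 }
 }
@@ -123,7 +123,7 @@ def test_filter(self):
 'details': {
 'requestparameters': {
 'filter': {
-'raw_value': 'astringvalue',
+'raw_value': '{"afieldname": "astringvalue"}',
 }
 }
 }
@@ -136,7 +136,7 @@ def test_role(self):
 'source': 'cloudtrail',
 'details': {
 'responseelements': {
-'role': 'astringvalue',
+'role': {'afieldname': 'astringvalue'},
 }
 }
 }
@@ -147,7 +147,7 @@ def test_role(self):
 'details': {
 'responseelements': {
 'role': {
-'raw_value': 'astringvalue',
+'raw_value': '{"afieldname": "astringvalue"}',
 }
 }
 }
@@ -159,7 +159,7 @@ def test_additionaleventdata(self):
 msg = {
 'source': 'cloudtrail',
 'details': {
-'additionaleventdata': 'astringvalue',
+'additionaleventdata': {'afieldname': 'astringvalue'},
 }
 }
 (retmessage, retmeta) = self.plugin.onMessage(msg, {})
@@ -168,7 +168,7 @@ def test_additionaleventdata(self):
 'source': 'cloudtrail',
 'details': {
 'additionaleventdata': {
-'raw_value': 'astringvalue',
+'raw_value': '{"afieldname": "astringvalue"}',
 }
 }
 }
@@ -199,7 +199,7 @@ def test_serviceeventdetails(self):
 msg = {
 'source': 'cloudtrail',
 'details': {
-'serviceeventdetails': 'astringvalue',
+'serviceeventdetails': {'afieldname': 'astringvalue'},
 }
 }
 (retmessage, retmeta) = self.plugin.onMessage(msg, {})
@@ -208,7 +208,7 @@ def test_serviceeventdetails(self):
 'source': 'cloudtrail',
 'details': {
 'serviceeventdetails': {
-'raw_value': 'astringvalue',
+'raw_value': '{"afieldname": "astringvalue"}',
 }
 }
 }
@@ -231,7 +231,7 @@ def test_rule(self):
 'details': {
 'requestparameters': {
 'rule': {
-'raw_value': 'astringvalue',
+'raw_value': '"astringvalue"',
 }
 }
 }
@@ -244,7 +244,7 @@ def test_subnets(self):
 'source': 'cloudtrail',
 'details': {
 'responseelements': {
-'subnets': 'astringvalue',
+'subnets': {'afieldname': 'astringvalue'},
 }
 }
 }
@@ -255,7 +255,7 @@ def test_subnets(self):
 'details': {
 'responseelements': {
 'subnets': {
-'raw_value': 'astringvalue',
+'raw_value': '{"afieldname": "astringvalue"}',
 }
 }
 }
@@ -279,7 +279,7 @@ def test_endpoint(self):
 'details': {
 'responseelements': {
 'endpoint': {
-'raw_value': 'astringvalue',
+'raw_value': '"astringvalue"',
 }
 }
 }
@@ -292,7 +292,7 @@ def test_ebs_optimized(self):
 'source': 'cloudtrail',
 'details': {
 'requestparameters': {
-'ebsoptimized': 'astringvalue',
+'ebsoptimized': False,
 }
 }
 }
@@ -303,7 +303,7 @@ def test_ebs_optimized(self):
 'details': {
 'requestparameters': {
 'ebsoptimized': {
-'raw_value': 'astringvalue',
+'raw_value': 'false',
 }
 }
 }
@@ -316,7 +316,7 @@ def test_securityGroups(self):
 'source': 'cloudtrail',
 'details': {
 'responseelements': {
-'securitygroups': 'astringvalue',
+'securitygroups': ['astringvalue','anotherstringvalue']
 }
 }
 }
@@ -327,7 +327,7 @@ def test_securityGroups(self):
 'details': {
 'responseelements': {
 'securitygroups': {
-'raw_value': 'astringvalue',
+'raw_value': '["astringvalue", "anotherstringvalue"]',
 }
 }
 }
@@ -340,7 +340,7 @@ def test_disableApiTermination(self):
 'source': 'cloudtrail',
 'details': {
 'requestparameters': {
-'disableapitermination': 'astringvalue'
+'disableapitermination': False
 }
 }
 }
@@ -351,7 +351,7 @@ def test_disableApiTermination(self):
 'details': {
 'requestparameters': {
 'disableapitermination': {
-'raw_value': 'astringvalue'
+'raw_value': 'false'
 }
 }
 }
@@ -375,7 +375,7 @@ def test_responseelements_lastModified(self):
 'details': {
 'responseelements': {
 'lastmodified': {
-'raw_value': 'astringvalue'
+'raw_value': '"astringvalue"'
 }
 }
 }
@@ -408,7 +408,7 @@ def test_unusual(self):
 'service': {
 'additionalinfo': {
 'unusual': {
-'raw_value': 'astringvalue'
+'raw_value': '"astringvalue"'
 }
 }
 }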
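Review bot: The updated cases only feed `onMessage` values that `json.dumps` always accepts (single-key dicts, a list, booleans, plain strings), so nothing pins what the plugin does with a value it cannot serialise, or with `None`. A case that places such a value under one of the flattened keys and asserts the resulting `raw_value` (or the expected exception) would document that contract for whoever maintains the parser next. Dicts with more than one key are also untested; the expected string then depends on key order, which is worth fixing in a test. Minor style: in `test_securityGroups` the list literal lacks a space after the comma, `'securitygroups': ['astringvalue', 'anotherstringvalue']`. Every test body here extends beyond its hunk, so setup and assertions are not visible.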
